Hello all, Apologies if there's any emails that have already gone out for these editorial items or if you all already had plans to fix them. I was going through the draft today and didn't see any of these suggested edits in the mail archive. -----------
In section 1. Introduction it states "module-lattice based" NIST defines it in FIPS 204 with a "-" in-between both module and lattice and lattice and based so this should probably be: "module-lattice-based" In addition in this section, it says "algorothm" which should be corrected to "algorithm". ------------- In section 3. The paragraph beginning "These correspond to..." has the text "variantsadefined" which looks to be a mistyped "a" where a space should be. This should be corrected to "variants defined" In the paragraph beginning "The schemes defined in this document..." should probably say that these algorithms must not be used in a TLS version earlier than TLS 1.3. Right now it only precludes version 1.2. Throughout RFC 8446, this is referenced as "TLS 1.2 or below". So the proposed language is to change the first sentence (and others like it) to: "The schemes defined in this document MUST NOT be used in TLS 1.2 or below." And "A peer that receives ServerKeyExchange or CertificateVerify message in a TLS 1.2 or below connection" ------------- I realize that there are many considerations that need to be put into place in the "Security Considerations" and it has been left as a TODO. There's probably some worth in taking some of the info in 8446 appendix C, D, and E, and discussing them in terms of using PQC for authentication vs non-PQC. As well as the decision to NOT allow the hash-ml-dsa variants and other such security considerations like what's discussed in FIPS 204 section 3 Thank you, Ryan Appel ---------------------------------------------------------------------- This message, and any attachment(s), is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/electronic-disclaimer. If you are not the intended recipient, please delete this message. For more information about how Bank of America protects your privacy, including specific rights that may apply, please visit the following pages: https://business.bofa.com/en-us/content/global-privacy-notices.html (which includes global privacy notices) and https://www.bankofamerica.com/security-center/privacy-overview/ (which includes US State specific privacy notices such as the http://www.bankofamerica.com/ccpa-notice).
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
